Great Circle Associates Firewalls
(October 1995)
 


Subject: re re nfs
From: Donald . J . Smith @ . cdev . com (Donald J Smith)
Date: Tue, 03 Oct 1995 18:19:14 -0700
To: firewalls-digest @ GreatCircle . COM

>From: David Brownlee <D . K . Brownlee @ city . ac . uk>
>Date: Tue, 3 Oct 1995 10:55:04 +0100 (BST)
>Subject: Re: NFS
>
>On Tue, 3 Oct 1995, Reg Clemens wrote:
>
>> [...]
>> 
>> The problem is SUN's NFS under SUNOS 4.1.3/4.  I have a server with a half
>> dozen file systems that are exported read-only to all the other machines
>> in the domain.  I would like to restrict their mounting to machines within
>> the domain while maintaining connectivity to the outside world.
>> SUN's software does not support this option, it only allows specifying
>> specific machine names, and the list of *all* machine names overflows
>> some internal limit in SUN's software.
>> 
>> [...]
>
>	Replace the innetgr.c in libc.so with a non broken version.
>	(I have a non broken version I can mail on request)
>	I did that here & happily exported to ~200 machines (with FQDN) from
>	SunOS 4.1.3 & 4.1.4. More recently I've replaced SunOS with NetBSD
>	which gets it right without any help (And has a _much_ better 
>	/etc/exports syntax - I can export to 138.40.X.X easily, and map all
>	uids (not just root) to a given uid & other nice things too).
>	
>
>		David/abs
>
> D . K . Brownlee @ city . ac . uk (MIME) +44 171 477 8186  {post,host}master  (abs)
>Network Analyst, UCS, City University, Northampton Square, London EC1V 0HB.
>        <<< Monochrome - Largest UK Internet BBS - telnet mono.org >>>
>>=- Microsoft: Abort and Retry Cancel -or- NetBSD: http://www.netbsd.org -=<
>
>
>-----

You can also chain netgroups, but without that firewall (that as a minimum 
prevents spoofing internal IP addresses) it is all for naught. Someone comes in as
a legal address and your hole (yes that is spelled correctly) is shot.

Donald J Smith 
Network Security Engineer @Computing Devices International

"@begin design in the security and 
ease_of_use != A*(1/Data_Security)"

(my opinions are mine and so are the spelling errors ;-)
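
Chained netgroups, mentioned in the reply above, let a long client list be split across several smaller groups that one top-level group references. The Python below is an added example, not part of the original message: it expands such a chain so the resulting export list can be audited. The group and host names are constructed, and the parser assumes the usual /etc/netgroup layout of `name member ...` with `(host,user,domain)` triples.

```python
import re

# Constructed sample in /etc/netgroup syntax: "name member member ...".
# A member is a (host,user,domain) triple or the name of another netgroup.
SAMPLE = """
eng-a        (alpha.example.com,,) (beta.example.com,,)
eng-b        (gamma.example.com,,) (delta.example.com, ,)
ops          (omega.example.com,,) nfs-clients   # chains back: a loop
lab          (,,)                                # empty host field = any host
nfs-clients  eng-a eng-b ops lab guests          # guests is never defined
"""

TOKEN = re.compile(r"\([^)]*\)|[^\s()]+")

def parse_netgroup(text):
    """Return {group: [member, ...]}; triples become tuples, group refs stay str."""
    groups = {}
    for line in text.splitlines():
        tokens = TOKEN.findall(line.split("#", 1)[0])
        if not tokens:
            continue
        bucket = groups.setdefault(tokens[0], [])
        for member in tokens[1:]:
            if member.startswith("("):
                fields = tuple(f.strip() for f in member[1:-1].split(","))
                if len(fields) != 3:
                    raise ValueError(f"bad triple in {tokens[0]}: {member}")
                member = fields
            bucket.append(member)
    return groups

def expand_hosts(groups, root):
    """Follow chained groups from root once each; return (hosts, warnings)."""
    hosts, warnings, seen, stack = set(), [], set(), [root]
    while stack:
        name = stack.pop()
        if name in seen:          # already expanded: breaks reference loops
            continue
        seen.add(name)
        if name not in groups:
            warnings.append(f"undefined netgroup: {name}")
            continue
        for member in groups[name]:
            if isinstance(member, str):
                stack.append(member)
            elif member[0] == "":
                warnings.append(f"wildcard host in {name}")
            elif member[0] != "-":    # "-" means the field matches nothing
                hosts.add(member[0].lower())
    return hosts, warnings

if __name__ == "__main__":
    print(expand_hosts(parse_netgroup(SAMPLE), "nfs-clients"))
```

The wildcard warning matters most for exports: a triple with an empty host field admits every host, however carefully the rest of the chain is written.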

